Odoo Help

Welcome!

This community is for beginners and experts willing to share their Odoo knowledge. It's not a forum to discuss ideas, but a knowledge base of questions and their answers.

2

Setting up rules' Access Right in xml,csv files [Closed]

By
Obay Albadri
on 4/21/13, 7:12 AM 7,902 views

The Question has been closed

by
Sudhir Arya (SA)
on 04/22/2013 02:16:24

I created new module depends on Project Management, i want to add new Groups,users,rules and Access controls in security folder. I successfully added groups and users, and for some extend Access Controls.

My Question is: how to specify the access right(Read/Write/Create/Delete) for every rule?.

For example: 1.User can create/read/write tasks (ACL) 2.User can read/modify only tasks assigned to him (Rule) 3.Project managers can see all tasks in their projects (Rule)

I couldn't find a documentation for this point, any links or explanations?

Is this related to: <field name="model_id" ref="model_project_task"/>

Obay Albadri
on 4/21/13, 7:40 AM
This question has been included in the official documentation.
9

Sudhir Arya (SA)

--Sudhir Arya (SA)--
10150
| 6 8 8
Ahmedabad, India
--Sudhir Arya (SA)--

Working as an OpenERP/Odoo developer and a Team Leader 

Top 5 Odoo contributor On Stackoverflow

LinkedIn

Blog

Stackoverflow

Sudhir Arya (SA)
On 4/21/13, 8:35 AM

Access Right This is how you can give read/write/create/delete rights in group on particular object by creating ir.model.access.csv file. See line number 1 & 2.


Access Rules This is how you can create access rules for particular object and groups by creating xml file.

For example:

    <record model="ir.rule" id="ir_values_my_costume_rule">
        <field name="name">My Rule Name</field>
        <field name="model_id" ref="model_your_model_name"/>
        <field name="domain_force">[('field','operator','value'),('user_id','=',user.id)]</field>
        <field name="perm_read" eval="True"/>
        <field name="perm_write" eval="True"/>
        <field name="perm_unlink" eval="True"/>
        <field name="perm_create" eval="True"/>
    </record>

You must pass model_ before model name in <field name="model_id" ref="model_your_model_name"/> like this: model_sale_order or model_project_task.

Here in eval you can either pass True or False as per you need.


Record Rules can be defined from the menu also without creating any file : Settings->Technical->Security->Record Rules.

There are three main fields that you need to configure carefully in order to define "Record Rule"

  1. Object: On which you want to apply record rule. (in this example it is "Task" object).
  2. Domain: Setup domain for filtering the data.
  3. Groups: Add group for which you want to apply this record rule. If nothing to add then this rule is apply globally which is usually used to configuring multi-company record rule.

I am going to explain such access rule by taking the example of "Task" object of OpenERP.

In my example, suppose my requirement is like this:

The user 'rch' can access only list of tasks of following kind...

  1. list of all tasks which is not assigned to any user. i.e.('user_id','=',False)
  2. list of all tasks Which is assigned to user 'rch'. i.e.('user_id','=',user.id)
  3. list of all tasks of all the project's for which he is a member of. i.e.('project_id.members','in', [user.id])
  4. list of all tasks of the project for which he is a project manager. i.e.('project_id.user_id','=',user.id)

Configure your record rule as follow:

  1. Name: Tasks According to User and Project.
  2. Object: Task.
  3. Domain: ['|','|','|',('user_id','=',False),('user_id','=',user.id),('project_id.members','in', [user.id]),('project_id.user_id','=',user.id)].
  4. Groups: project/User.

Now add this group (project/User) to user 'rch'.

That is exactly what i am looking for, [<field name="perm_xxx" eval="True"/>], i couldn't find it any where else, thank you very much Arya.

Obay Albadri
on 4/21/13, 9:26 AM

Most welcome.

Sudhir Arya (SA)
on 4/21/13, 9:27 AM

Just one thing <field name="perm_xxx" eval="True"/> didn't work for me, but <field name="perm_xxx" eval="1"/> did!

Obay Albadri
on 4/22/13, 6:21 AM

Hi sudhir Arya, In ir.model.access.csv file Is there any way to set noupdate="1" (like xml file) so admin users can freely customize them

Prakash
on 11/15/13, 5:13 AM

About This Community

This community is for professionals and enthusiasts of our products and services. Read Guidelines

Question tools

1 follower(s)

Stats

Asked: 4/21/13, 7:12 AM
Seen: 7902 times
Last updated: 3/16/15, 8:10 AM